Core Insights - Security researchers have disclosed a vulnerability in OpenAI's Connectors that allows attackers to extract sensitive information from Google Drive accounts without user interaction [1][3] - The vulnerability is classified as a "zero-click" attack, requiring only the user's email and shared documents to execute [3] - OpenAI has implemented mitigation measures after being informed of the vulnerability earlier this year, although they have not publicly commented on the issue [3] Company Overview - Connectors is a feature launched by OpenAI for ChatGPT, enabling users to integrate tools and data, search files, pull real-time data, and reference content [3] - The feature currently supports at least 17 different services [3] Security Implications - The attack can only extract limited data per instance and cannot remove entire documents [3] - The rapid response from OpenAI indicates a proactive approach to security following the discovery of the vulnerability [3]
ChatGPT 连接器被曝漏洞:无需用户操作即可窃取敏感数据
Huan Qiu Wang Zi Xun·2025-08-07 08:10